CVE-2026-39390

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting cMap field in compInfosPost sanitizes input using striptags with an allowlist and regex-based removal of...

CVE-2026-39390

creationtimestamp| type| source ---|---|--- 2026-04-07 20:07:21+00:00| published-proof-of-concept| https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-x3hr-cp7x-44r2 2026-04-08 18:01:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miyut3qg6x2s...

CVE-2023-39390

Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart...

CVE-2025-39390

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through = 2.3.6...

CVE-2025-39390

creationtimestamp| type| source ---|---|--- 2025-04-25 14:07:12+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13421...

CVE-2025-39390

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through = 2.3.6...

CVE-2025-39390 WordPress Booking and Rental Manager plugin <= 2.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through = 2.3.6...

CVE-2025-39390

CVE-2025-39390 corresponds to a Missing Authorization vulnerability in the WordPress plugin Booking and Rental Manager (Magepeopleteam Booking and Rental Manager). Affected versions are from n/a through 2.3.8 (and closely related listings reference up to 2.3.8/2.3.6 variants). The issue allows ac...

CVE-2025-39390 WordPress Booking and Rental Manager plugin <= 2.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking and Rental Manager: from n/a through 2.3.8...

WordPress Booking and Rental Manager plugin <= 2.3.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Booking and Rental Manager versions = 2.3.6...

CVE-2024-39390

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-39390 Adobe Indesign 2024 DOC File Parsing Memory Corruption

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-39390 Adobe Indesign 2024 DOC File Parsing Memory Corruption

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2023-39390

creationtimestamp| type| source ---|---|--- 2023-08-13 16:18:39+00:00| seen| https://t.me/cibsecurity/68404...

CVE-2023-39390

CVE-2023-39390 affects Huawei HarmonyOS, specifically the window management module. The vulnerability arises from input parameter verification weaknesses in certain APIs, which, if exploited over the network, could cause the device to restart (CVSS 7.5, HIGH; AV:N, AC:L, PR:N, UI:N, S:U, C:N, I:N...

CVE-2022-39390

creationtimestamp| type| source ---|---|--- 2022-11-09 07:35:53+00:00| seen| https://t.me/cibsecurity/52707...

CVE-2022-39390

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-36534. Reason: This candidate is a reservation duplicate of CVE-2020-36534. Notes: All CVE users should reference CVE-2020-36534 instead of this candidate. All references and descriptions in this candidate have been removed t...

CVE-2021-39390

creationtimestamp| type| source ---|---|--- 2022-05-04 14:44:11+00:00| seen| https://t.me/cibsecurity/41806...

CVE-2021-39390

CVE-2021-39390 describes a Stored XSS in PartKeepr 1.4.0. The vulnerability arises in the edit module where multiple API endpoints accept a name parameter without proper sanitization/validation, allowing injection of JavaScript that can be executed in the client browser. Affected software: PartKe...

CVE-2022-39390

CVE-2022-39390 is a reservation duplicate of CVE-2020-36534 and should reference CVE-2020-36534 instead. Connected CVE data show the underlying issue is a CSRF vulnerability in easyii CMS, specifically affecting an unknown function at /admin/sign/out, with remote exploitation and the exploit-publ...